I’m currently experimenting with STIR/SHAKEN on Asterisk 22 and discovered the dial plan doesn’t continue for anonymous calls. In fact it doesn’t see to even get as far as the dial plan, I just get a single ERROR on the console:
[Feb 5 09:25:08] ERROR[24530]: res_stir_shaken/verification.c:692 ast_stir_shaken_vs_ctx_create: PJSIP/foo1-00000014: Must provide caller_id
My stir shaken conf looks like:
[attestation]
global_disable = no
private_key_file = /var/lib/asterisk/keys/stir_shaken/sp2-key.pem
public_cert_url = https://example.com/sp2-cert.pem
attest_level = C
[2000]
type = tn
attest_level = C
[verification]
global_disable = no
ca_file = /var/lib/asterisk/keys/stir_shaken/ca-cert.pem
failure_action = continue
[default-profile]
type=profile
endpoint_behavior=on
x5u_acl=default-acl
Am I missing something? I thought it was possible to receive an Anonymous call, it just wouldn’t be attested?
Thanks
I’m checking. Do you happen to have a dump of the SIP headers you can share?
Thanks for looking into. The INVITE is as follows:
INVITE sip:100@example.com:5061 SIP/2.0
Via: SIP/2.0/TLS 10.222.0.131:5061;rport;branch=z9hG4bKPjbc00c02a-94c0-45c8-b55c-3196277193e5;alias
From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=efa039dc-2b58-4974-afb5-a65b06ecbbef
To: <sip:100@example.com>
Contact: <sip:asterisk@10.222.0.131:5061;transport=TLS>
Call-ID: 50dd28f8-cbad-4ac4-8bf0-98f3791981d4
CSeq: 30442 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, INFO, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
Max-Forwards: 70
User-Agent: Asterisk PBX 22.1.1
Content-Type: application/sdp
Content-Length: 235
Yeah it’s a bug. Please open an issue at GitHub · Where software is built if you haven’t already.
I have a fix ready. There will be a PR up within an hour. I’ll also open the issue since I need it to create the PR.
I’ve opened issue
opened 05:32PM - 05 Feb 25 UTC
bug
support-level-core
### Severity
Minor
### Versions
all
### Components/Modules
res_stir_shaken.… so
### Operating Environment
All
### Frequency of Occurrence
Occasional
### Issue Description
Originally reported on the community forums... [STIR/SHAKEN doesn’t continue for Anonymous calls](https://community.asterisk.org/t/stir-shaken-doesnt-continue-for-anonymous-calls/106788)
When verification is enabled for an endpoint and the failure_action is continue or continue_return_reason and a call is received with no or Anonymous caller_id, the call is terminated rather than allowed to continue into the dialplan.
### Relevant log output
```shell
```
### Asterisk Issue Guidelines
- [x] Yes, I have read the Asterisk Issue Guidelines
@marrold There’s a pull request up on GitHub that should fix the issue…
master
← gtjoseph:master-stir-anon-cid
opened 05:52PM - 05 Feb 25 UTC
The verification check for missing or anonymous callerid was happening before
th… e endpoint's profile was retrieved which meant that the failure_action
parameter wasn't available. Therefore, if verification was enabled and there
was no callerid or it was "anonymous", the call was immediately terminated
instead of giving the dialplan the ability to decide what to do with the call.
* The callerid check now happens after the verification context is created and
the endpoint's stir_shaken_profile is available.
* The check now processes the callerid failure just as it does for other
verification failures and respects the failure_action parameter. If set
to "continue" or "continue_return_reason", `STIR_SHAKEN(0,verify_result)`
in the dialplan will return "invalid_or_no_callerid".
* If the endpoint's failure_action is "reject_request", the call will be
rejected with `433 "Anonimity Disallowed"`.
* If the endpoint's failure_action is "continue_return_reason", the call will
continue but a `Reason: STIR; cause=433; text="Anonimity Disallowed"`
header will be added to the next provisional or final response.
Resolves: #1112
Please test and comment in the github issue.
Hi,
Tested and confirmed fixed. Thanks for such a quick turnaround!
Cheers